Enhanced authentication and key management scheme for securing data transmission in the internet of things

Abstract

The Internet of Things (IoT), with its smartness and intelligence, is gradually changing human life by allowing everyday objects to be connected to the Internet. With the prevalence of the IoT, wireless sensor networks (WSNs) are attracting worldwide attention, because they cover a wide range of IoT applications. The sensors collect data from the physical world and communicate with each other through wireless links. Ensuring the security and privacy of WSNs’ communication is challenging. Recently, a secure authentication and key management scheme was proposed to secure data transmission in WSNs. In this paper, we show that this scheme has various security flaws, such as replay attack, denial of service attack, impersonation attack, and lack of mutual authentication and session key agreement. Then, we propose an enhanced scheme to overcome the identified security weaknesses. The security of the enhanced scheme is formally verified using the Burrows–Abadi–Needham logic and the Automated Validation of Internet Security Protocols and Applications tool. Our proposed scheme is more secure, efficient, and suitable for WSN-based IoT applications than recent related methods.